<html>
<head><meta charset="utf-8"><title>bad_alloc is a risk even with -fno-exceptions · project-ffi-unwind · Zulip Chat Archive</title></head>
<h2>Stream: <a href="https://rust-lang.github.io/zulip_archive/stream/210922-project-ffi-unwind/index.html">project-ffi-unwind</a></h2>
<h3>Topic: <a href="https://rust-lang.github.io/zulip_archive/stream/210922-project-ffi-unwind/topic/bad_alloc.20is.20a.20risk.20even.20with.20-fno-exceptions.html">bad_alloc is a risk even with -fno-exceptions</a></h3>

<hr>

<base href="https://rust-lang.zulipchat.com">

<head><link href="https://rust-lang.github.io/zulip_archive/style.css" rel="stylesheet"></head>

<a name="190753254"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/210922-project-ffi-unwind/topic/bad_alloc%20is%20a%20risk%20even%20with%20-fno-exceptions/near/190753254" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> acfoltzer <a href="https://rust-lang.github.io/zulip_archive/stream/210922-project-ffi-unwind/topic/bad_alloc.20is.20a.20risk.20even.20with.20-fno-exceptions.html#190753254">(Mar 16 2020 at 17:15)</a>:</h4>
<p>in the lang team meeting, I mentioned that you'll likely get a C++ compiler error if you try compiling exception-throwing code with <code>-fno-exceptions</code>. apparently <code>bad_alloc</code> is a big exception to this: the <code>new</code> constructor that raises that exception is typically compiled into <code>libstdc++</code>, which on most platforms is compiled with exceptions. so even if the user's library is compiled with <code>-fno-exceptions</code>, allocation will still potentially throw <span aria-label="upside down" class="emoji emoji-1f643" role="img" title="upside down">:upside_down:</span></p>



<a name="190753730"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/210922-project-ffi-unwind/topic/bad_alloc%20is%20a%20risk%20even%20with%20-fno-exceptions/near/190753730" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> acfoltzer <a href="https://rust-lang.github.io/zulip_archive/stream/210922-project-ffi-unwind/topic/bad_alloc.20is.20a.20risk.20even.20with.20-fno-exceptions.html#190753730">(Mar 16 2020 at 17:18)</a>:</h4>
<p>I think this further pushes my preference in the direction of whichever proposal makes FFI unwinding support more easily pervasive. between the libc functions unwinding due to <code>pthread_cancel</code>, and <code>bad_alloc</code> coming even from C++ <code>-fno-exceptions</code>, foreign code that is truly nounwind is seeming increasingly rare</p>



<a name="190753859"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/210922-project-ffi-unwind/topic/bad_alloc%20is%20a%20risk%20even%20with%20-fno-exceptions/near/190753859" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> acfoltzer <a href="https://rust-lang.github.io/zulip_archive/stream/210922-project-ffi-unwind/topic/bad_alloc.20is.20a.20risk.20even.20with.20-fno-exceptions.html#190753859">(Mar 16 2020 at 17:19)</a>:</h4>
<p>and right now I think the proposal that best fits this is no. 3 since it would not require changing the types of definitions in existing libraries to add unwinding support</p>



<a name="190754543"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/210922-project-ffi-unwind/topic/bad_alloc%20is%20a%20risk%20even%20with%20-fno-exceptions/near/190754543" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/210922-project-ffi-unwind/topic/bad_alloc.20is.20a.20risk.20even.20with.20-fno-exceptions.html#190754543">(Mar 16 2020 at 17:24)</a>:</h4>
<p><span class="user-group-mention" data-user-group-id="1977">@T-lang</span> <span aria-label="point up" class="emoji emoji-1f446" role="img" title="point up">:point_up:</span></p>



<a name="190755081"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/210922-project-ffi-unwind/topic/bad_alloc%20is%20a%20risk%20even%20with%20-fno-exceptions/near/190755081" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> centril <a href="https://rust-lang.github.io/zulip_archive/stream/210922-project-ffi-unwind/topic/bad_alloc.20is.20a.20risk.20even.20with.20-fno-exceptions.html#190755081">(Mar 16 2020 at 17:28)</a>:</h4>
<p>In my experience, failure to allocate storage isn't all that common in modern systems -- there's usually something seriously wrong if that happens.</p>
<p><span class="user-mention silent" data-user-id="237472">acfoltzer</span> <a href="#narrow/stream/210922-project-ffi-unwind/topic/bad_alloc.20is.20a.20risk.20even.20with.20-fno-exceptions/near/190753859" title="#narrow/stream/210922-project-ffi-unwind/topic/bad_alloc.20is.20a.20risk.20even.20with.20-fno-exceptions/near/190753859">said</a>:</p>
<blockquote>
<p>and right now I think the proposal that best fits this is no. 3 since it would not require changing the types of definitions in existing libraries to add unwinding support</p>
</blockquote>
<p>Is this about libraries that were making incorrect assumptions about <code>extern "C"</code>?</p>



<a name="190755388"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/210922-project-ffi-unwind/topic/bad_alloc%20is%20a%20risk%20even%20with%20-fno-exceptions/near/190755388" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> acfoltzer <a href="https://rust-lang.github.io/zulip_archive/stream/210922-project-ffi-unwind/topic/bad_alloc.20is.20a.20risk.20even.20with.20-fno-exceptions.html#190755388">(Mar 16 2020 at 17:30)</a>:</h4>
<p>that's right, I'm thinking about all the cancellation points listed in <code>pthreads(7)</code> in particular</p>



<a name="190755617"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/210922-project-ffi-unwind/topic/bad_alloc%20is%20a%20risk%20even%20with%20-fno-exceptions/near/190755617" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> centril <a href="https://rust-lang.github.io/zulip_archive/stream/210922-project-ffi-unwind/topic/bad_alloc.20is.20a.20risk.20even.20with.20-fno-exceptions.html#190755617">(Mar 16 2020 at 17:32)</a>:</h4>
<p>To me it's not a priority to retcon code that previously had UB/were unsound as having defined behavior</p>



<a name="190756186"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/210922-project-ffi-unwind/topic/bad_alloc%20is%20a%20risk%20even%20with%20-fno-exceptions/near/190756186" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> acfoltzer <a href="https://rust-lang.github.io/zulip_archive/stream/210922-project-ffi-unwind/topic/bad_alloc.20is.20a.20risk.20even.20with.20-fno-exceptions.html#190756186">(Mar 16 2020 at 17:34)</a>:</h4>
<p>I'm curious what the path forward would be then for libraries like <code>libc</code>. I remember hearing some mentions of just explicitly declaring <code>pthread_cancel</code> to be generally incompatible with Rust, but otherwise it seems like proposals 1 &amp; 2 would require changing a number of ABIs to <code>"C unwind"</code></p>



<a name="190756304"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/210922-project-ffi-unwind/topic/bad_alloc%20is%20a%20risk%20even%20with%20-fno-exceptions/near/190756304" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> acfoltzer <a href="https://rust-lang.github.io/zulip_archive/stream/210922-project-ffi-unwind/topic/bad_alloc.20is.20a.20risk.20even.20with.20-fno-exceptions.html#190756304">(Mar 16 2020 at 17:35)</a>:</h4>
<p>I don't think there's a fundamental reason that couldn't be done, but it seems potentially quite disruptive</p>



<a name="190756675"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/210922-project-ffi-unwind/topic/bad_alloc%20is%20a%20risk%20even%20with%20-fno-exceptions/near/190756675" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> centril <a href="https://rust-lang.github.io/zulip_archive/stream/210922-project-ffi-unwind/topic/bad_alloc.20is.20a.20risk.20even.20with.20-fno-exceptions.html#190756675">(Mar 16 2020 at 17:38)</a>:</h4>
<p>the <code>libc</code> crate can start using <code>"C unwind"</code> for the functions required; if the maintainers of that crate insist that they cannot do that as it would require a semver bump then they can use conditional compilation to use <code>"C unwind"</code> on newer compilers.</p>



<a name="190756719"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/210922-project-ffi-unwind/topic/bad_alloc%20is%20a%20risk%20even%20with%20-fno-exceptions/near/190756719" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> centril <a href="https://rust-lang.github.io/zulip_archive/stream/210922-project-ffi-unwind/topic/bad_alloc.20is.20a.20risk.20even.20with.20-fno-exceptions.html#190756719">(Mar 16 2020 at 17:38)</a>:</h4>
<p>at any rate, on older and current compilers we emit <code>nounwind</code>, so it's not like it was sound before</p>



<a name="190757152"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/210922-project-ffi-unwind/topic/bad_alloc%20is%20a%20risk%20even%20with%20-fno-exceptions/near/190757152" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Amanieu <a href="https://rust-lang.github.io/zulip_archive/stream/210922-project-ffi-unwind/topic/bad_alloc.20is.20a.20risk.20even.20with.20-fno-exceptions.html#190757152">(Mar 16 2020 at 17:42)</a>:</h4>
<p>Cancellation points are forced exceptions, so the rules are different for them: you can have forced exceptions from <code>extern "C"</code> as long as you make sure you have no destructors in the unwound frames.</p>



<a name="190757201"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/210922-project-ffi-unwind/topic/bad_alloc%20is%20a%20risk%20even%20with%20-fno-exceptions/near/190757201" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Amanieu <a href="https://rust-lang.github.io/zulip_archive/stream/210922-project-ffi-unwind/topic/bad_alloc.20is.20a.20risk.20even.20with.20-fno-exceptions.html#190757201">(Mar 16 2020 at 17:42)</a>:</h4>
<p>So there would be no need to change the libc definitions (which would be a breaking change anyways)</p>



<a name="190757362"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/210922-project-ffi-unwind/topic/bad_alloc%20is%20a%20risk%20even%20with%20-fno-exceptions/near/190757362" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> acfoltzer <a href="https://rust-lang.github.io/zulip_archive/stream/210922-project-ffi-unwind/topic/bad_alloc.20is.20a.20risk.20even.20with.20-fno-exceptions.html#190757362">(Mar 16 2020 at 17:44)</a>:</h4>
<p>I think in practice a lot of existing code that calls those APIs would run afoul of the no-destructor requirement, but it is good to know that there is a subset that will work fine as-is</p>



<a name="190757581"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/210922-project-ffi-unwind/topic/bad_alloc%20is%20a%20risk%20even%20with%20-fno-exceptions/near/190757581" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> acfoltzer <a href="https://rust-lang.github.io/zulip_archive/stream/210922-project-ffi-unwind/topic/bad_alloc.20is.20a.20risk.20even.20with.20-fno-exceptions.html#190757581">(Mar 16 2020 at 17:46)</a>:</h4>
<p>to be explicit about my thinking here, I don't think any of these points are existential problems with proposals 1 &amp; 2, they just contribute to an overall impression of friction that I get with the split-ABIs vs proposal 3. I should also be explicit this concern comes from my personal language design aesthetics, as opposed to what our project at Fastly requires. any of the proposals currently described would be suitable for us</p>



<a name="190759355"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/210922-project-ffi-unwind/topic/bad_alloc%20is%20a%20risk%20even%20with%20-fno-exceptions/near/190759355" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> BatmanAoD (Kyle Strand) <a href="https://rust-lang.github.io/zulip_archive/stream/210922-project-ffi-unwind/topic/bad_alloc.20is.20a.20risk.20even.20with.20-fno-exceptions.html#190759355">(Mar 16 2020 at 18:00)</a>:</h4>
<p>I haven't been opining much, but for future reference all opinions I give are based exclusively on (as <span class="user-mention" data-user-id="237472">@acfoltzer</span> put it) "my personal language design aesthetics"; I personally don't actually have any projects that rely on FFI unwinding at the moment.</p>



<a name="190884197"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/210922-project-ffi-unwind/topic/bad_alloc%20is%20a%20risk%20even%20with%20-fno-exceptions/near/190884197" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/210922-project-ffi-unwind/topic/bad_alloc.20is.20a.20risk.20even.20with.20-fno-exceptions.html#190884197">(Mar 17 2020 at 17:32)</a>:</h4>
<p>One thing we didn't do at the end of the meeting,</p>



<a name="190884199"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/210922-project-ffi-unwind/topic/bad_alloc%20is%20a%20risk%20even%20with%20-fno-exceptions/near/190884199" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/210922-project-ffi-unwind/topic/bad_alloc.20is.20a.20risk.20even.20with.20-fno-exceptions.html#190884199">(Mar 17 2020 at 17:32)</a>:</h4>
<p>and I was sort of regretting it,</p>



<a name="190884235"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/210922-project-ffi-unwind/topic/bad_alloc%20is%20a%20risk%20even%20with%20-fno-exceptions/near/190884235" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/210922-project-ffi-unwind/topic/bad_alloc.20is.20a.20risk.20even.20with.20-fno-exceptions.html#190884235">(Mar 17 2020 at 17:32)</a>:</h4>
<p>is to kind of do a "round robin" to get a take on where everybody "stood" in terms of what they'd prefer at that moment</p>



<a name="190884245"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/210922-project-ffi-unwind/topic/bad_alloc%20is%20a%20risk%20even%20with%20-fno-exceptions/near/190884245" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/210922-project-ffi-unwind/topic/bad_alloc.20is.20a.20risk.20even.20with.20-fno-exceptions.html#190884245">(Mar 17 2020 at 17:32)</a>:</h4>
<p>...I think it's a useful thing we should do more often...</p>



<a name="190884299"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/210922-project-ffi-unwind/topic/bad_alloc%20is%20a%20risk%20even%20with%20-fno-exceptions/near/190884299" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/210922-project-ffi-unwind/topic/bad_alloc.20is.20a.20risk.20even.20with.20-fno-exceptions.html#190884299">(Mar 17 2020 at 17:33)</a>:</h4>
<p>...though I partly feel like I haven't quite formed my opinion yet. I'm trying to find the "hook" that would put me on one side or another.</p>



<a name="190884466"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/210922-project-ffi-unwind/topic/bad_alloc%20is%20a%20risk%20even%20with%20-fno-exceptions/near/190884466" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/210922-project-ffi-unwind/topic/bad_alloc.20is.20a.20risk.20even.20with.20-fno-exceptions.html#190884466">(Mar 17 2020 at 17:34)</a>:</h4>
<p>I feel like it'd be useful for folks with an opinion to lay out which factors they find most important that pushed them to one side or the other, as <span class="user-mention" data-user-id="237472">@acfoltzer</span> did -- i.e., kind of summarize what you see as the crux of the case and what pushes you to one side</p>



<a name="190884477"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/210922-project-ffi-unwind/topic/bad_alloc%20is%20a%20risk%20even%20with%20-fno-exceptions/near/190884477" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/210922-project-ffi-unwind/topic/bad_alloc.20is.20a.20risk.20even.20with.20-fno-exceptions.html#190884477">(Mar 17 2020 at 17:34)</a>:</h4>
<p><del>one other clarification that I was thinking about</del> (never mind, I was confused)</p>



<a name="190889810"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/210922-project-ffi-unwind/topic/bad_alloc%20is%20a%20risk%20even%20with%20-fno-exceptions/near/190889810" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> acfoltzer <a href="https://rust-lang.github.io/zulip_archive/stream/210922-project-ffi-unwind/topic/bad_alloc.20is.20a.20risk.20even.20with.20-fno-exceptions.html#190889810">(Mar 17 2020 at 18:13)</a>:</h4>
<p>that sounds good as long as we're explicit that it's not a decision-making vote, but just a chance to see where we are relative to a consensus position. I'd be happy to type up more of my thoughts on why I'm personally leaning toward proposal 3</p>



<a name="190913319"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/210922-project-ffi-unwind/topic/bad_alloc%20is%20a%20risk%20even%20with%20-fno-exceptions/near/190913319" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/210922-project-ffi-unwind/topic/bad_alloc.20is.20a.20risk.20even.20with.20-fno-exceptions.html#190913319">(Mar 17 2020 at 21:30)</a>:</h4>
<p>yep, I see this as more of a "where we currently stand and why"</p>



<a name="190916388"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/210922-project-ffi-unwind/topic/bad_alloc%20is%20a%20risk%20even%20with%20-fno-exceptions/near/190916388" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> BatmanAoD (Kyle Strand) <a href="https://rust-lang.github.io/zulip_archive/stream/210922-project-ffi-unwind/topic/bad_alloc.20is.20a.20risk.20even.20with.20-fno-exceptions.html#190916388">(Mar 17 2020 at 21:59)</a>:</h4>
<p><span class="user-mention silent" data-user-id="116009">nikomatsakis</span> <a href="#narrow/stream/210922-project-ffi-unwind/topic/bad_alloc.20is.20a.20risk.20even.20with.20-fno-exceptions/near/190884197" title="#narrow/stream/210922-project-ffi-unwind/topic/bad_alloc.20is.20a.20risk.20even.20with.20-fno-exceptions/near/190884197">said</a>:</p>
<blockquote>
<p>One thing we didn't do at the end of the meeting,</p>
</blockquote>
<p>I thought we agreed to do that offline, i.e. the "straw poll" discussion. It seems <span class="user-mention" data-user-id="126931">@centril</span> is opposed on principle,  though, unless I'm misunderstanding.</p>



<a name="190916493"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/210922-project-ffi-unwind/topic/bad_alloc%20is%20a%20risk%20even%20with%20-fno-exceptions/near/190916493" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> BatmanAoD (Kyle Strand) <a href="https://rust-lang.github.io/zulip_archive/stream/210922-project-ffi-unwind/topic/bad_alloc.20is.20a.20risk.20even.20with.20-fno-exceptions.html#190916493">(Mar 17 2020 at 22:00)</a>:</h4>
<p>Or did you think it would be better to just get verbal responses, synchronously?</p>



<a name="190967288"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/210922-project-ffi-unwind/topic/bad_alloc%20is%20a%20risk%20even%20with%20-fno-exceptions/near/190967288" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> centril <a href="https://rust-lang.github.io/zulip_archive/stream/210922-project-ffi-unwind/topic/bad_alloc.20is.20a.20risk.20even.20with.20-fno-exceptions.html#190967288">(Mar 18 2020 at 11:30)</a>:</h4>
<p><span class="user-mention" data-user-id="120076">@BatmanAoD (Kyle Strand)</span>  I'm fine with straw polls on Zulip, although the decision is T-Lang's, but I don't like large straw polls on github</p>



<a name="190982498"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/210922-project-ffi-unwind/topic/bad_alloc%20is%20a%20risk%20even%20with%20-fno-exceptions/near/190982498" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/210922-project-ffi-unwind/topic/bad_alloc.20is.20a.20risk.20even.20with.20-fno-exceptions.html#190982498">(Mar 18 2020 at 13:54)</a>:</h4>
<p><span class="user-mention silent" data-user-id="120076">BatmanAoD (Kyle Strand)</span> <a href="#narrow/stream/210922-project-ffi-unwind/topic/bad_alloc.20is.20a.20risk.20even.20with.20-fno-exceptions/near/190916388" title="#narrow/stream/210922-project-ffi-unwind/topic/bad_alloc.20is.20a.20risk.20even.20with.20-fno-exceptions/near/190916388">said</a>:</p>
<blockquote>
<p>I thought we agreed to do that offline, i.e. the "straw poll" discussion. It seems <span class="user-mention silent" data-user-id="126931">centril</span> is opposed on principle,  though, unless I'm misunderstanding.</p>
</blockquote>
<p>yeah, we did, though I think I'd prefer to see a bit more detailed thoughts, and I just think that in general there is value in make sure we actively hear from the folks in the room. I've found that the "quiet people" often have interesting things to say, and they may or may not speak up in the async case ...</p>



<a name="191036737"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/210922-project-ffi-unwind/topic/bad_alloc%20is%20a%20risk%20even%20with%20-fno-exceptions/near/191036737" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nagisa <a href="https://rust-lang.github.io/zulip_archive/stream/210922-project-ffi-unwind/topic/bad_alloc.20is.20a.20risk.20even.20with.20-fno-exceptions.html#191036737">(Mar 18 2020 at 20:22)</a>:</h4>
<p>POI: on embedded systems and standard C++ libraries written for that purpose using <code>-fno-exceptions</code> actually does what you’d expect, even in presence of memory allocation failures (which in turn are possible and likely there)</p>



<a name="191038447"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/210922-project-ffi-unwind/topic/bad_alloc%20is%20a%20risk%20even%20with%20-fno-exceptions/near/191038447" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> BatmanAoD (Kyle Strand) <a href="https://rust-lang.github.io/zulip_archive/stream/210922-project-ffi-unwind/topic/bad_alloc.20is.20a.20risk.20even.20with.20-fno-exceptions.html#191038447">(Mar 18 2020 at 20:35)</a>:</h4>
<p><span class="user-mention" data-user-id="123586">@nagisa</span> Could you be more explicit? I'm not actually sure what I'd expect!</p>



<a name="191040416"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/210922-project-ffi-unwind/topic/bad_alloc%20is%20a%20risk%20even%20with%20-fno-exceptions/near/191040416" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nagisa <a href="https://rust-lang.github.io/zulip_archive/stream/210922-project-ffi-unwind/topic/bad_alloc.20is.20a.20risk.20even.20with.20-fno-exceptions.html#191040416">(Mar 18 2020 at 20:50)</a>:</h4>
<p>It does not generate any code to unwind. I don’t remember what exact behaviour it was, but IIRC it just behaved like <code>new(nothrow)</code>, i.e. returned a <code>nullptr</code>.</p>



<a name="191040504"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/210922-project-ffi-unwind/topic/bad_alloc%20is%20a%20risk%20even%20with%20-fno-exceptions/near/191040504" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> BatmanAoD (Kyle Strand) <a href="https://rust-lang.github.io/zulip_archive/stream/210922-project-ffi-unwind/topic/bad_alloc.20is.20a.20risk.20even.20with.20-fno-exceptions.html#191040504">(Mar 18 2020 at 20:51)</a>:</h4>
<p>Ah, okay. Thanks.</p>



<a name="191049491"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/210922-project-ffi-unwind/topic/bad_alloc%20is%20a%20risk%20even%20with%20-fno-exceptions/near/191049491" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Amanieu <a href="https://rust-lang.github.io/zulip_archive/stream/210922-project-ffi-unwind/topic/bad_alloc.20is.20a.20risk.20even.20with.20-fno-exceptions.html#191049491">(Mar 18 2020 at 22:12)</a>:</h4>
<p>You get this with -fno-exceptions:</p>
<div class="codehilite"><pre><span></span>terminate called after throwing an instance of &#39;std::bad_alloc&#39;
  what():  std::bad_alloc
</pre></div>



<a name="191049540"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/210922-project-ffi-unwind/topic/bad_alloc%20is%20a%20risk%20even%20with%20-fno-exceptions/near/191049540" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Amanieu <a href="https://rust-lang.github.io/zulip_archive/stream/210922-project-ffi-unwind/topic/bad_alloc.20is.20a.20risk.20even.20with.20-fno-exceptions.html#191049540">(Mar 18 2020 at 22:13)</a>:</h4>
<p>(with libstdc++)</p>



<a name="191049562"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/210922-project-ffi-unwind/topic/bad_alloc%20is%20a%20risk%20even%20with%20-fno-exceptions/near/191049562" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Amanieu <a href="https://rust-lang.github.io/zulip_archive/stream/210922-project-ffi-unwind/topic/bad_alloc.20is.20a.20risk.20even.20with.20-fno-exceptions.html#191049562">(Mar 18 2020 at 22:13)</a>:</h4>
<p>Now obviously if you recompile libstdc++ itself with -fno-exceptions then you'll just get a direct abort instead.</p>



<a name="191051424"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/210922-project-ffi-unwind/topic/bad_alloc%20is%20a%20risk%20even%20with%20-fno-exceptions/near/191051424" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> BatmanAoD (Kyle Strand) <a href="https://rust-lang.github.io/zulip_archive/stream/210922-project-ffi-unwind/topic/bad_alloc.20is.20a.20risk.20even.20with.20-fno-exceptions.html#191051424">(Mar 18 2020 at 22:35)</a>:</h4>
<p>So, in that case, it sounds like <code>libstdc++</code> compiled with <code>-fexceptions</code>, linked against Rust using our "strategy 2" (with the new ABI) that calls C++ code via <code>extern "C"</code> (the old ABI), <em>would</em> have undefined behavior if that C++ code has a failed allocation.</p>



<a name="191051950"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/210922-project-ffi-unwind/topic/bad_alloc%20is%20a%20risk%20even%20with%20-fno-exceptions/near/191051950" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Amanieu <a href="https://rust-lang.github.io/zulip_archive/stream/210922-project-ffi-unwind/topic/bad_alloc.20is.20a.20risk.20even.20with.20-fno-exceptions.html#191051950">(Mar 18 2020 at 22:41)</a>:</h4>
<p>Yes, however keep in mind that the practical effect of such UB is actually quite limited in practice: it will usually just terminate the program since it can't find an exception handler.</p>



<a name="191052063"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/210922-project-ffi-unwind/topic/bad_alloc%20is%20a%20risk%20even%20with%20-fno-exceptions/near/191052063" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> BatmanAoD (Kyle Strand) <a href="https://rust-lang.github.io/zulip_archive/stream/210922-project-ffi-unwind/topic/bad_alloc.20is.20a.20risk.20even.20with.20-fno-exceptions.html#191052063">(Mar 18 2020 at 22:42)</a>:</h4>
<p>That sounds rather friendly</p>



<hr><p>Last updated: Aug 07 2021 at 22:04 UTC</p>
</html>